Dagarick, posted 11 December 2015

It got me too.

P.S. When I run the full GMER scan a bluescreen appears and then the system restarts; in safe mode there is a message that the program was closed because of an error... so I'm attaching the short GMER log instead.

Attachments: Addition.txt FRST.txt Shortcut.txt Gmer.txt
picasso, posted 11 December 2015 (edited)

ComboFix was used here; on that subject: CLICK. These days it is not even a particularly good program for removing adware, AdwCleaner is far more specialised for that.

Actions to carry out:

1. Uninstall old versions and junk: Adobe AIR, Adobe Flash Player 11 ActiveX, Adobe Reader X (10.1.10) - Polish, DivX Setup, Driver Booster 2.4, Google Toolbar for Internet Explorer, Java 8 Update 60, Real Alternative 1.9.0 Lite. I also warn against using automatic driver updaters. They can do damage.

2. Open Notepad and paste into it:

CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SklepGOL\GOL Downloader\GOL Downloader.lnk -> C:\Program Files\SklepGOL\GOL Downloader\Launcher.exe () -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
ShortcutWithArgument: C:\Users\GeoDeus\Desktop\Wiedzmin.lnk -> D:\Game\Wtcher\launcher.exe (CD Projekt Red) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
ShortcutWithArgument: C:\Users\GeoDeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
ShortcutWithArgument: C:\Users\GeoDeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
ShortcutWithArgument: C:\Users\GeoDeus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
ShortcutWithArgument: C:\Users\GeoDeus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
ShortcutWithArgument: C:\Users\GeoDeus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
ShortcutWithArgument: C:\Users\Public\Desktop\GOL Downloader.lnk -> C:\Program Files\SklepGOL\GOL Downloader\Launcher.exe () -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia
HKU\S-1-5-21-3916604919-2912353607-3506189148-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX
HKU\S-1-5-21-3916604919-2912353607-3506189148-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449655721&z=0477a6665088a845a4c4bb4gbz2z6t3q1w2w3m9gae&from=ient07021&uid=HitachiXHTS545032B9A300_100107PBP303Q6F6HRRLX&q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-3916604919-2912353607-3506189148-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\GeoDeus\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => Brak pliku
Task: {0E04DCDC-622F-4375-A952-99DB8B5839C7} - \Program aktualizacji online firmy DivX. -> Brak pliku
Task: {10685C1C-9661-4DF5-9897-D3D74FF67139} - \Program aktualizacji online firmy Adobe. -> Brak pliku
Task: {2D60BEED-4E10-45EB-8851-66C03B1004BB} - System32\Tasks\{7CED57D7-D2FF-4228-BA93-C6A5C6AFEEE3} => pcalua.exe -a C:\Users\GeoDeus\Downloads\subedit_b4072_install.exe -d C:\Users\GeoDeus\Downloads
Task: {344DF784-5623-45FC-BCB4-7E4138F15BDC} - System32\Tasks\Opera N Sunday => C:\Program Files\Opera\launcher.exe
Task: {380BC765-8DDA-481F-8DCD-9623410CABDC} - System32\Tasks\{6D86AB5E-0779-4A32-B886-A2155321FEDE} => pcalua.exe -a C:\Users\GeoDeus\Desktop\bws-scs10.exe -d C:\Users\GeoDeus\Desktop
Task: {530196E1-41E3-4F5F-94DF-057AC9AC074F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\windows\ehome\ehrec.exe
Task: {584B023C-385E-4DA7-B7CA-335B19FAF6D7} - System32\Tasks\{0340523C-1868-49DA-9774-2C0304E49B78} => E:\OFBE.exe
Task: {641FC928-E93C-4F2D-B4A5-6634C8DFE7D5} - System32\Tasks\{2DFDB17C-DF29-4FC8-A064-4F1F662B58F4} => pcalua.exe -a "C:\Users\GeoDeus\Downloads\SubEdit Player + CodecPack 4072.exe" -d C:\Users\GeoDeus\Downloads
Task: {7218ED70-31FD-4E5A-8B3B-2738FE876283} - System32\Tasks\{55C89BF2-2ABB-47C1-8D58-2745E3F4A60F} => pcalua.exe -a D:\Download\HL2\autorun.exe -d D:\Download\HL2
Task: {7B373790-ED56-4506-B44C-E05702BBE5A6} - System32\Tasks\{398EB5AB-089B-41D7-B434-514B4570D448} => E:\OFBE.exe
Task: {849B1EF4-5B76-440E-B9AF-D924F827C472} - System32\Tasks\Opera N Saturday => C:\Program Files\Opera\launcher.exe
Task: {8849CEF8-5037-489C-9941-4FA099AC7B86} - System32\Tasks\{161AAD91-8666-482B-B5E5-D9C8259D0319} => E:\OFBE.exe
Task: {89FAC0F6-6197-41E0-9BD9-67E3C8AFD03B} - System32\Tasks\{A98708E4-3625-46E7-8AD5-BA96A9477FFE} => msiexec.exe /package "C:\Users\GeoDeus\Downloads\setup(2).msi"
Task: {8C087AEF-1655-4166-89D9-5DC3EBFB5EC6} - System32\Tasks\{BF57CAD7-782C-4C0B-8BF9-023F028B87BF} => pcalua.exe -a "D:\Game\Fallout 3\mody\crack 1.7\witaminki\Fallout 3 v1.7.0.3 UCP + Launcherfix_JWC-2009\Fallout 3 v1.7.0.3 UCP + Launcherfix.exe" -d "D:\Game\Fallout 3\mody\crack 1.7\witaminki\Fallout 3 v1.7.0.3 UCP + Launcherfix_JWC-2009"
Task: {9DE53A8A-2858-4086-BD11-8097669A70CD} - System32\Tasks\{0BEBBB73-A966-43FB-8321-54BAAA478BBB} => pcalua.exe -a H:\setup.exe -d H:\
Task: {A7F2EFFC-63A4-4DB3-8D9B-F718A0FA452D} - System32\Tasks\{38DAF03A-DB3F-4F38-B5C9-4F897BFE0FC8} => msiexec.exe /package "C:\Users\GeoDeus\Downloads\setup(2).msi"
Task: {A8FEB30D-5976-44C1-9D44-81C70CFD6A9F} - System32\Tasks\{6BEBC824-4AA5-458E-8E58-EFD8DB8AC026} => E:\OFBE.exe
Task: {AA3C58CF-CF91-46E4-BA9B-B8107B62749C} - System32\Tasks\{F920929D-1359-4502-9AF1-CF6F0695C6F1} => E:\OFBE.exe
Task: {B9511F52-5A59-40F8-AAEE-8C6B90364249} - System32\Tasks\{BBCB7E8C-94AE-4593-9947-7A3BD43917C6} => pcalua.exe -a D:\Download\HL2\VENGEANCE\HL2Installer\hl2install.exe -d D:\Download\HL2\VENGEANCE\HL2Installer
Task: {BC9E559C-256D-4018-BF0C-2A911C1FEEF6} - System32\Tasks\{C4F66CC5-48D8-45BA-8835-D2744891B926} => pcalua.exe -a C:\Users\GeoDeus\Downloads\kav9.0.0.736pl.exe -d C:\Users\GeoDeus\Downloads
Task: {C977B334-266F-4877-82D6-D8F3075C0B7A} - System32\Tasks\{8A60DDEC-E3D4-4589-B9FE-073DC8B4E4EE} => E:\OFBE.exe
Task: {D54284C1-8B81-4AA6-88F9-237DEA362A8A} - System32\Tasks\{CDBCAE87-4D81-4E7D-8318-38AECB9272FD} => msiexec.exe /package "C:\Users\GeoDeus\Downloads\setup(2).msi"
Task: {E29C4BA1-8975-47FD-8B31-BBC2580FF0AB} - System32\Tasks\{8142B1C9-92BE-4381-9E5A-43E2C6452A7F} => pcalua.exe -a C:\Users\GeoDeus\Documents\Backup_karty_E75\Nokia_PC_Suite_7_0_9_2_EA.exe -d C:\Users\GeoDeus\Documents\Backup_karty_E75
Task: {EEF26A76-9C84-4C1B-BE50-E0379C95A7C0} - System32\Tasks\{7128B715-5988-456E-B879-E5A127E1F8D9} => pcalua.exe -a F:\K\Kodeki\k-lite\klcodec272f.exe -d F:\K\Kodeki\k-lite
Task: {F13E36EC-A76B-44F0-BB34-CF60857CF30A} - System32\Tasks\{6E2A3BC0-76EB-4571-A4E4-DC1D0F0366AC} => E:\OFBE.exe
Task: {F2C0228D-92DA-4FDE-9D05-5FAC9695C423} - System32\Tasks\{A60286BF-F3C7-417C-90E7-DC7A7AA6DFDE} => msiexec.exe /package "C:\Users\GeoDeus\Downloads\setup(2).msi"
Task: {F69607F9-4353-47CA-B25E-7B034242BB9A} - System32\Tasks\{F6AF1B03-3C6C-4F18-8987-E3D1B453E0E6} => pcalua.exe -a "C:\Users\GeoDeus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSEL537Y\godlozip[1].exe" -d C:\Users\GeoDeus\Desktop
Task: {FA6B5E0C-2277-4411-93BE-C1172E10DA2B} - System32\Tasks\{EB234C9C-9840-433B-BDC8-F1B1B9629A7E} => pcalua.exe -a C:\Users\GeoDeus\Downloads\Nero-6.6.1.15c_wch.exe -d "C:\Program Files\Mozilla Firefox"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\GeoDeus\AppData\Local\Temp\catchme.sys [X]
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BBSvc
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate
DeleteKey: HKLM\SOFTWARE\yoursites123Software
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\Program Files\Mozilla Firefox\plugins
RemoveDirectory: C:\Program Files\RegCleaner
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange
RemoveDirectory: C:\ProgramData\Temp
RemoveDirectory: C:\ProgramData\UWdMU
RemoveDirectory: C:\ProgramData\Microsoft\Windows\GameExplorer\{A9733055-6FF4-4ACE-9696-E97EC65695D9}
RemoveDirectory: C:\Qoobox
RemoveDirectory: C:\Users\GeoDeus\AppData\Local\Google\Chrome
RemoveDirectory: C:\Users\GeoDeus\AppData\LocalLow\SecurePlugin
RemoveDirectory: C:\Users\GeoDeus\AppData\Roaming\Shortcut
RemoveDirectory: C:\Users\GeoDeus\Desktop\Stare dane programu Firefox
CMD: del /q C:\Users\GeoDeus\AppData\Local\*.html
CMD: del /q C:\Users\GeoDeus\AppData\Local\{4F37DF4E-0FA9-4469-A76B-A58130B2B859}
CMD: netsh advfirewall reset
EmptyTemp:

Note for other readers: this script is unique, tailored only and exclusively to this system; please do not apply it to your own systems.

Save the file under the name fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt it. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

3. Make a new FRST log using the Scan option, again with Addition, but this time without Shortcut. Attach the fixlog.txt file as well.

Edited 2 June 2016 by picasso: Topic closed for lack of a reply. //picasso
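The ShortcutWithArgument entries in the script above show the yoursites123 pattern: every browser and game .lnk has had the hijack URL appended as its launch argument, so the target binary is legitimate and the redirect survives reinstalling the browser. The following is an added example, not code from the thread or from FRST: a Python triage helper that parses lines in the format FRST writes to Shortcut.txt, flags every shortcut whose argument is a URL, and emits those log lines verbatim, which is exactly how picasso's fixlist tells FRST to strip the argument. The sample lines are constructed for the example and modelled on the entries above.

```python
import re
from collections import Counter

# Constructed sample in the format FRST uses for Shortcut.txt and fixlist entries
# (modelled on the thread above, not a real log); FRST writes "hxxp" for "http".
SAMPLE = r"""Shortcut: C:\Users\Public\Desktop\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Notepad++ Team)
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721
ShortcutWithArgument: C:\Users\GeoDeus\Desktop\Wiedzmin.lnk -> D:\Game\Wtcher\launcher.exe (CD Projekt Red) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655721
ShortcutWithArgument: C:\Users\Public\Desktop\GOL Downloader.lnk -> C:\Program Files\SklepGOL\GOL Downloader\Launcher.exe () -> hxxp://www.yoursites123.com/?type=sc
ShortcutWithArgument: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) -> -silent
"""

PREFIX = "ShortcutWithArgument: "
# A URL passed as the shortcut's launch argument; FRST defangs http(s) to hxxp(s).
URL_ARG = re.compile(r"^h(?:xx|tt)ps?://([^/?#\s]+)", re.IGNORECASE)

def parse_entry(line):
    """Split one ShortcutWithArgument line into lnk path, target, vendor and argument."""
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split(" -> ")
    if len(parts) != 3:
        return None
    lnk, target_vendor, arg = parts
    # Vendor is the trailing "(...)"; rpartition keeps "(x86)" inside the path intact.
    target, _, vendor = target_vendor.rpartition(" (")
    return {"lnk": lnk, "target": target, "vendor": vendor.rstrip(")"), "arg": arg.strip()}

def flag_hijacked(report):
    """Return the entries whose launch argument is a URL, i.e. hijacked shortcuts."""
    hits = []
    for raw in report.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        m = URL_ARG.match(entry["arg"])
        if m:
            entry["host"] = m.group(1).lower()
            entry["line"] = raw  # keep the verbatim log line for the fixlist
            hits.append(entry)
    return hits

def fixlist_lines(hits):
    """FRST strips the argument when the log line is pasted verbatim into fixlist.txt."""
    return [h["line"] for h in hits]

def hosts_by_count(hits):
    """Which hosts the shortcuts were redirected to, and how many each."""
    return Counter(h["host"] for h in hits)
```

A shortcut whose argument is a plain switch such as -silent is not flagged, so legitimate launcher arguments do not end up in the fixlist.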